Adobe rushes out critical Flash update

Adobe rushed out a security update to its Flash Player on March 6, ahead of the company's normal release on the second Tuesday of the month. The fix is for a critical flaw in Flash that could "cause a crash and potentially allow an attacker to take control of the system."

The vulnerability, discovered by Tavis Ormandy and Fermin Serna of Google's security team, affects Flash players on Windows, Mac OS X, Linux, and Solaris operating systems, as well as Google Chrome and Android. It takes advantage of a bug in Flash's Matrix3D class, which could allow an attacker to corrupt system memory. That could allow the attacker to inject and execute code on a targeted system, gaining control of it.

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.